← Voltar para CVEs
CVE-2010-1277
N/ADescricao
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado4/6/2010
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
zabbix:zabbix
Fraquezas (CWE)
CWE-89
Referencias
http://legalhackers.com/advisories/zabbix181api-sql.txt(cve@mitre.org)
http://legalhackers.com/poc/zabbix181api.pl-poc(cve@mitre.org)
http://secunia.com/advisories/39119(cve@mitre.org)
http://www.osvdb.org/63456(cve@mitre.org)
http://www.securityfocus.com/archive/1/510480/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/39148(cve@mitre.org)
http://www.vupen.com/english/advisories/2010/0799(cve@mitre.org)
http://www.zabbix.com/rn1.8.2.php(cve@mitre.org)
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html(af854a3a-2127-422b-91ae-364da2661108)
http://legalhackers.com/advisories/zabbix181api-sql.txt(af854a3a-2127-422b-91ae-364da2661108)
http://legalhackers.com/poc/zabbix181api.pl-poc(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39119(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/63456(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/510480/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/39148(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0799(af854a3a-2127-422b-91ae-364da2661108)
http://www.zabbix.com/rn1.8.2.php(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.